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Conference Title: Proceedings of the 1997 13th Annual Computer Security 
Applications Conference, ACSAC 

Conference Location: San Diego, CA, USA Conference Date: 
19971208-19971212 

E.I. Conference No.: 47814 

Source: Annual Computer Security Applications Conference 1997. IEEE Comp 
Soc, Los Alamitos, CA, USA, 97TB100213 . p 227-230 
Publication Year: 1997 
CODEN: CMSCE4 
Language: English 

Abstract: Current e-mail security systems base their security on the 
secrecy of the long - term private key . If this private key is ever 
compromised, all attacker can decrypt any messages - past, present, or 
future - encrypted with the corresponding public key. The system described 
in this paper uses short term private - key /public-key pairs to 
reduce the magnitude of this vulnerability. (Author abstract) 19 Ref s . 

Identifiers: Long term private key ; Short term private key 
/public key 
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Conference Date: 8-12 Dec. 1997 Conference Location: San Diego, CA, 
USA 

Language: English 
Subfile: B C 
Copyright 1997, IEE 

Abstract: Current e-mail security systems base their security on the 
secrecy of the long - term private key . If this private key is ever 
compromised, an attacker can decrypt any messages -past , present or 
future- encrypted with the corresponding public key. The system described in 
this paper uses short - term private - key /public-key key pairs to 
reduce the magnitude of this vulnerability. 
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Generation method for shared secret value between entities, involves 
computing common shared key for each entity by combining group short term 
public key, intra-entity shared key, and entity long term key 
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Priority Applications (No Type Date) : CA 2277633 A 19990719 
Patent Details : 

Patent No Kind Lan Pg Main IPC Filing Notes 

WO 200106697 A2 E 11 H04L-009/00 

Designated States (National) : AE AL AM AT AU AZ BA BB BG BR BY CA CH CN 
CR CU CZ DE DK DM EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP 
KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX NO NZ PL PT RO RU SD SE 
SG SI SK SL TJ TM TR TT TZ UA UG US UZ VN YU ZA ZW 

Designated States (Regional) : AT BE CH CY DE DK EA ES FI FR GB GH GM GR 

IE IT KE LS LU MC MW MZ NL OA PT SD SE SL SZ TZ UG ZW 
AU 200061437 A H04L-009/00 Based on patent WO 200106697 

CA 2277633 Al E H04L-009/30 

EP 1226678 A2 E H04L-009/00 Based on patent WO 200106697 

Designated States (Regional) : AL AT BE CH CY DE DK ES FI FR GB GR IE IT 
LI LT LU LV MC MK NL PT RO SE SI 

EP 1226678 Bl E H04L-009/00 Based on patent WO 200106697 

Designated States (Regional) : CH DE FR GB LI 

DE 60006147 E H04L-009/00 Based on patent EP 1226678 

Based on patent WO 200106697 

Abstract (Basic) : 

... of each member. The intra-entity public key is computed for each 

member by mathematically combining its short - term private key , 
the long term private key and the intra-entity shared key. . . 

8/3, K/4 (Item 2 from file: 350) 

DIALOG (R) File 350:Derwent WPIX 
(c) 2005 Thomson Derwent . All rts . reserv. 

.012890364 **Image available** 
WPI Acc No: 2000-062198/200005 
XRPX Acc NO: N00-048724 

Authenticated key agreement method between two entities in digital data 

communication system 
Patent Assignee: CERTICOM CORP (CERT-N) 
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Number of Countries: 087 Number of Patents: 007 
Patent Family: 

Patent No Kind Date Applicat No Kind Date Week 
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Priority Applications (No Type Date 
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IE IT KE LS LU MC MW NL OA PT SD 

CA 2236495 Al E H04L-009/30 

AU 9935902 A 

EP 1075746 Al E H04L-009/08 
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Filing Notes 

AL AM AT AU AZ BA BB BG BR BY CA CH CN 

GM HR HU ID IL IN IS JP KE KG KP KR KZ 

MW MX NO NZ PL PT RO RU SD SE SG SI SK 
ZA ZW 

BE CH CY DE DK EA ES FI FR GB GH GM GR 
SE SL SZ UG ZW 

Based on patent WO 9957844 
Based on patent WO 9957844 
DE FR GB LI 



Based on patent WO 9957844 



Abstract (Basic) : 

... The entity (i) utilizes long term shared secret key (K') 

to compute authenticated message on entities identity information and 
entities public session keys, and forwards the message to entity (j). 
The entity verifies the received message, and computes short term 
shared secret key utilizing public and private session keys of 
respective entities. 
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DIALOG(R) File 348:EUROPEAN PATENTS 
(c) 2005 European Patent 'Of f ice . All rts. reserv. 

01660432 

Method and apparatus for minimizing differential power attacks on 
processors 

Verfahren und Vorrichtung zur Minimalisierung dif f erentieller 

S tromverbr auchs angr i f f e 
Procede et appareil de minimisation des attaques massives de type 

dif ferentiel sur des processeurs 

PATENT ASSIGNEE: 

Certicom Corp., (2118052), 5520 Explorer Drive, 4th Floor, Mississauga, 
Ontario L4W 5L1, (CA) , (Applicant designated States: all) 
INVENTOR : 

Pezeshki, Farhad, 10 Hope Street, Toronto, Ontario M6E 1J7, (CA) 

Lambert, Robert, J., 63 Holm Street, Cambridge, Ontario N3C 3N3 , (CA) 
LEGAL REPRESENTATIVE: 

Boyce, Conor et al (74271), F. R. ' Kelly & Co., 27 Clyde Road, Ballsbridge 
, Dublin 4, (IE) 
PATENT (CC, No, Kind, Date) : EP 1365308 A2 031126 (Basic) 
APPLICATION (CC, No, Date)": EP 2003018048 000111; 
PRIORITY (CC, No, Date) : CA 2258338 990111 
DESIGNATED STATES: DE; FR;. GB 
RELATED PARENT NUMBER (S) - PN (AN) : 

EP 1161726 (EP 2000900195) 
INTERNATIONAL PATENT CLASS: G06F-001/00 
ABSTRACT WORD COUNT: 122 
NOTE : 

Figure number on first page : 5 



LANGUAGE (Publication ,. Procedural , Application) : English; English; English 
FULLTEXT AVAILABILITY: 

Available Text Language Update Word Count 



CLAIMS A (English) 200348 648 

SPEC A (English) 200348 3291 

Total word count - document A 3 93 9 

Total word count - document B 0 

Total word count - documents A + B 3 93 9 



. . .CLAIMS component s for use in a digital signature protocol where s 

results from an application of a long term private key a, and 
a short term private key k in a signing process, said method 
including the steps of representing said long term private key 

a as a pair of components bl) ) , b2)), generating a value (pi), 
combining said value (pi) with. . . 



8/3, K/6 (Item 2 from file: 348) 

DIALOG (R) File 348: EUROPEAN PATENTS 
(c) 2005 European Patent Office. All rts. reserv. 

01258234 

SPLIT-KEY KEY -AGREEMENT PROTOCOL 

SCHLUSSELAUSTAUSCHPROTOKOLL MIT AUFGETEILTEN SCHLUSSELN 
PROTOCOLE D 1 ACCORD DE CLE CLE FRACTIONNEE 

PATENT ASSIGNEE: 

Certicom Corp., (2118052), 5520 Explorer Drive, 4th Floor, Mississauga, 
Ontario L4W 5L1, (CA) , (Proprietor designated states: all) 
INVENTOR : 

VANSTONE, Scott A., 10140 Pineview Trail, P.O. Box 490, Campbellville , 
Ontario LOP 1B0, (CA) 
LEGAL REPRESENTATIVE: 

Preuss, Udo, Dipl.-Ing. (88111), Maiwald Patentanwalts GmbH Elisenhof 
Elisenstrasse 3, 80335 Munchen, (DE) 
PATENT (CC, No, Kind, Date) : EP 1226678 A2 020731 (Basic) 

EP 1226678 Bl 031022 
WO 2001006697 010125 
APPLICATION (CC, No, Date) : EP 2000947716 000719; WO 2000CA838 000719 
PRIORITY (CC, No, Date) : CA 2277633 990719 

DESIGNATED STATES (Pub A) : AT; BE; CH; CY; DE ; DK; ES ; FI ; FR; GB; GR; IE; 

IT; LI; LU; MC ; NL; PT; SE; (Pub B) : CH; DE ; FR; GB ; LI 
EXTENDED DESIGNATED STATES: AL; LT; LV; MK; RO; SI 
INTERNATIONAL PATENT CLASS: H04L-009/00 
NOTE : 

No A- document published by EPO 
LANGUAGE (Publication , Procedural , Application) : English; English; English 
FULLTEXT AVAILABILITY: 

Available Text Language Update Word Count 



CLAIMS B (English) 200343 515 

CLAIMS B (German) 2 00343 515 

CLAIMS B (French) 200343 549 

SPEC B (English) 200343 1812 

Total word count - document A 0 

Total word count - document B 33 91 

Total word count - documents A + B 3 3 91 



...SPECIFICATION public keys of each said member, 

ii. computing an intra-entity public key by mathematically combining 
its short - term private key , the long term private key 
and said intra-entity shared key; 

(e) for each entity combining intra-entity public keys to derive... 

. . . common key K . 

Next, member Al) ) computes a short term intra-entity public key si)) 



using its short term private key and long term private key 

combined with a function f of the intra-entity public key, that is si) ) 
= xl) ) + al) ) f . . . 

...CLAIMS public keys of each said member; 

(iv) computing an intra-entity public key by mathematically combining 
its short - term private key , the long term private key 
and said intra-entity shared key; 
(e) for each entity combining intra-entity public keys to derive. . . 

...to said intra-entity shared key to obtain a hashed value, multiplying 
said hashed value by said long term private key to obtain a 
resulting value and computing a sum of said resulting value and said 
short - term private key . . 
6. A method as defined in claim 5, said group short term public key being 
computed by. . . 
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DIALOG (R) File 34 9:PCT FULLTEXT 
(c) 2005 WIPO/Univentio . All rts . reserv. 

00967873 **Image available** 
SECURE EPHEMERAL DECRYPTABILITY 
DECHIFFRABILITE EPHEMERE SURE 

Patent Applicant /Assignee : 

SUN MICROSYSTEMS INC, 901 San Antonio Road, M/S UPAL01-521, Palo Alto, CA 
94303, US, US (Residence), US (Nationality) 
Inventor (s) : 

PERLMAN Radia J, 32 Suffolk Lane, Carlisle, MA 01741, US, 
Legal Representative: 

LEBOVICI Victor B (et al) (agent) , Weingarten, Schurgin, Gagnebin & 
Lebovici, LLP, Ten Post Office Square, Boston, MA 02109, US, 
Patent and Priority Information (Country, Number, Date) : 

Patent: WO 2002101974 Al 20021219 (WO 02101974) 

Application: WO 2002US17344 20020531 (PCT/WO US02017344) 

Priority Application: US 2001880470 20010613 
Designated States: 

(Protection type is "patent" unless otherwise stated - for applications 
prior to 2004) 

AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ DE DK DM DZ 
EC EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR 
LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ OM PH PL PT RO RU SD SE SG SI 
SK SL TJ TM TN TR TT TZ UA UG UZ VN YU ZA ZM ZW 

(EP) AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR 

(OA) BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG 

(AP) GH GM KE LS MW MZ SD SL SZ TZ UG ZM ZW 

(EA) AM AZ BY KG KZ MD RU TJ TM 
Publication Language: English 
Filing Language: English 
Fulltext Word Count: 7874 

Fulltext Availability: 
Detailed Description 

Detailed Description 

... protocol, provide for authenticated,, 

private, real-time communications. In the SSL protocol, a server 
system generates a short - term public/ private key pair that is 
certified as authentic using a long - term private key belonging to 

. . .public key to encrypt 
a symmetric key for use during the session. The server 

periodically changes its short - term private key , discarding any 
previous versions. This renders any records of previous sessions 
established using the former short-term. . . 
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00787826 **Image available** 
EPHEMERAL DECRYPTABILITY 
DECHIFFREMENT EPHEMERE 

Patent Applicant /Assignee : 

SUN MICROSYSTEMS INC, 901 San Antonio Road, MS UPALI-521, Palo Alto, CA 
94303, US, US (Residence), US (Nationality) 
Inventor (s) : 

PERLMAN Radia J, 10 Huckleberry Lane, Acton, MA 01720, US, 
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LEBOVICI Victor B (et al) (agent) , Weingarten, Schurgin, Gagnebin & Hayes 
LLP, Ten Post Office Square, Boston, MA 02109, US, 
Patent and Priority Information (Country, Number, Date) : 

Patent: WO 200120836 A2-A3 20010322 (WO 0120836) 

Application: WO 2000US23997 20000831 (PCT/WO US0023997) 

Priority Application: US 99395581 19990914 
Designated States: 

(Protection type is "patent" unless otherwise stated - for applications 
prior to 2004) 

AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CR CU CZ DE DK DM DZ EE 

ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT 

LU LV MA MD MG MK MN MW MX MZ NO NZ PL PT RO RU SD SE SG SI SK SL TJ* TM 

TR TT TZ UA UG UZ VN YU ZA ZW 
. (EP) AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE 

(OA) BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG 

(AP) GH GM KE LS MW MZ SD SL SZ TZ UG ZW 

(EA) AM AZ BY KG KZ MD RU TJ TM 
Publication Language: English 
Filing Language: English 
Fulltext Word Count: 9016 



Fulltext Availability: 
Detailed Description 

Detailed Description 

... protocol, provide for 

authenticated, private, real-time communications. In 
the SSL protocol, a server system generates a short term 
public/ private key pair, that is certified as authentic 
using a long term private key belonging to the server. 

The client uses the short term public key to encrypt a 
symmetric key for use during the session. The server 
periodically changes its short term private key , , 
discarding any previous versions. This renders any 
records of previous sessions established using the 
former short term. . . 
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Patent Applicant/ Inventor : 
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Patent and Priority Information (Country, Number, Date) : 
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(Protection type is "patent" unless otherwise stated - for applications 
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(EP) AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE 
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(AP) GH GM KE LS MW MZ SD SL SZ TZ UG ZW 

(EA) AM AZ BY KG KZ MD RU TJ TM 
Publication Language: English 
Filing Language: English 

English Abstract 

...term keys of each of the members computing an intra-entity public key 
by mathematically combining its short - term private key , the long 

term private key and the intra-entity shared key. Next, each 
entity combines intra-entity public keys to derive a. . . 
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Patent Applicant /Assignee : 
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QU Minghua, 
Inventor (s) : 

JOHNSON Donald B, 

VANSTONE Scott, 
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Patent and Priority Information (Country, Number, Date) : 
Patent: WO 9925092 Al 19990520 
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Priority Application: US 97966702 19971110 
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AL AM AT AU AZ BA BB BG BR BY CA CH* CN CU CZ DE DK EE ES FI GB GE GH GM 
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FI FR GB GR IE IT LU MC NL PT SE BF BJ CF CG CI CM GA GN GW ML MR NE SN 
TD TG 

Publication Language: English 
Fulltext Word Count: 3477 



Fulltext Availability: 
Detailed Description 
Claims 



Detailed Description 

component r by using the first short term public 
key k; 

1 5 (d) generating a second short term priyate key t; 

(e) computing a second signature component s by using the second short 

term private key t on the message m, the long term private 

key and the first signature 

component r ; 

(D computing a third signature component c using the first and. . . 
Claim 

signature component r by using said first short terin public key k; 
0 (d) generating a second short term private key t; 

(e) computing a second signature component s by using said second short 
term private key t on said message m, said long term private 

key and said first signature 
component r ,* 

(f) computing a third signature component c using said first and second 
short term private keys t and k respectively, and sending said 
signature components (r, s, c) as a masked digital signature. . . 

...first signature component r by using said first short term public 
key k; 

(d) generating a second short term private key t; 

(e) computing a second signature component s by using said second short 
term private key t on said message m, said long term private 

key and first signature 
component r ; 

computing a third signature component c using said first and second 
short term 
private keys t and k respectively; 

(g) sending said signature components (r, s, c) as a masked digital 
signature . . . 



8/3,K/ll (Item 5 from file: 349) 

DIALOG (R) File 34 9:PCT FULLTEXT 
(c) 2005 WIPO/Univentio. All rts . reserv. 

00427771 **Image available** 

KEY AGREEMENT AND TRANSPORT PROTOCOL WITH IMPLICIT SIGNATURES 
PROTOCOLED 1 ACCORD DE CLE ET DE TRANSPORT AVEC SIGNATURES IMPLICITES 

Patent Appl icant /Assignee : 

CERTICOM CORP, 

VANSTONE Scott A, 

MENEZES Alfred John, 

QU Mingua, 
Inventor (s) : 

VANSTONE Scott A, 

MENEZES Alfred John, 

QU Mingua, 

Patent and Priority Information (Country, Number, Date) : 
Patent: WO 9818234- Al 19980430 

Application: WO 96US16608 19961018 (PCT/WO US9616608) 

Priority Application: WO 96US16608 19961018 
Designated States : 

(Protection type is "patent" unless otherwise stated - for applications 
prior to 2004) 

AL AM AT AU AZ BA BB BG BR BY CA CH CN CU CZ DE DK EE ES FI GB GE HU IL 
IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MD MG MK MN MW MX NO NZ PL PT 
RO RU SD SE SG SI SK TJ TM TR TT UA UG US UZ VN KE LS MW SD SZ UG AM AZ 



BY KG KZ MD RU TJ TM AT BE CH DE DK 
BF BJ CF CG CI CM GA GN ML MR NE SN 

Publication Language: English 

Fulltext Word Count: 5131 

Fulltext Availability: 
Detailed Description 



ES FI FR GB GR IE IT LU MC NL PT SE 
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Detailed Description 

... A's and B's respective long-term private key, 
aa mod p is party A's long - term private key , 
ab mod p is party B 1 s long - term private key , 

x is a random integer selected by A as a short - term private key 

ra = a 1 mod p is party A's short-term public key, 

y is a random integer. . .is party A's long-term private key, 

db (I<db<n-1) is party B's long - term private key , 

Qa = daP is party A's long-term public key, 

Qb = dbp is party B's long-term public key, 

k(l<k<n-l) is party A's short - term private key , 

ra kP is party A's short-term public key, 
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OR ONE ( ) TIME? OR DISPOSABLE OR SHORT ( ) (LIVED OR TERM) ) (2W)S1 

53 119 (INITIAL OR PRELIMINARY OR BEGINNING OR STARTING OR RUDIME- 

NTARY OR BASIC OR SIMPLE OR PRIMITIVE OR FIRST OR 1ST OR ORIG- 
INATING OR ORIGINAL OR PARTIAL OR FRACTIONAL OR UNFINISHED OR 
INCOMPLETE OR UNDEFINED OR UNO DEFINED) (2W)S1 
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ABSTRACT 



PROBLEM TO BE SOLVED: To enable simple change of set data and execute 
secret key mode cipher communication by providing a facsimile equipment 
with a means for deciphering a 2nd secret key with a 1st secret key and a 
public key and a means for ciphering data with the deciphered 2nd 
secret key and transmitting the result. 

SOLUTION: The facsimile equipment F is provided with a means for generating 
a secret key and a public key , a means for transmitting the generated 
public key , a means for receiving ciphered data by the transmitted 
public key , and a means for deciphering the ciphered data by the secret 
key. These means are constituted when CPU 1 executes public key mode 
cipher algorithm stored in a ROM- 3 . Namely the CPU 1 generates the 1st 

secret key and the public key and transmits the generated disclosed 
key. Then the CPU 1 controls processing for receiving the 2nd secret 
key ciphered by the public key and deciphering the 2nd secret key 
by the 1st secret key . In addition, the CPU 1 ciphers data by the 
deciphered 2nd secret key and transmits the ciphered data. 

COPYRIGHT: (C) 1999, JPO 
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ABSTRACT 

PROBLEM TO BE SOLVED: To provide a constitution method for an open key 
ciphering system and device therefor which has a strength of same level or 
more against a complete deciphering compared with a conventional open key 
cipher on a rational integer ring, and has a higher strength than ever 
against a broadcasting attack. 



SOLUTION:. A key forming device 21 forms prime ideals (p) , (q) in an 
integer ring (0) on an algebraic number field for making them as a first 

secret key , and makes the remainders of their product (n)=(p) (q) as 
a first open key. Further, a second secret key d and a second open 
key e are formed from (p) and (q) . A ciphering device 31 divides an 
inputted declarative sentence M into blocks, and ciphers them by performing 
a modulo ideal (n) raising operation to eth power, and outputs ciphered 
sentences (C(sub 0), C(sub 1),..., C(sub r-1)) to a communication path 51. 
A decoding device 41 decodes the inputted blocks of the ciphered sentences 
by performing a modulo ideal (n) raising operation to dth power, and 
corporates the decoded blocks of the declarative sentence for outputting 
the declarative sentence. 
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ABSTRACT 

PURPOSE: To detect it without transmitting secret data whether or not a 
terminal equipment possesses the right to transmit a command by generating 
certification information by using a first secret key in the 
terminal equipment, and inspecting the received certification information 
by using a second secret key in an IC card. 



CONSTITUTION: In a terminal equipment 2, means 6-8 are provided to generate 
the certification information by using the first secret key in a 
correspondent relationship with the operation command to an IC card 1, and 
a means 9 is provided to transmit the operation command and the 
certification information to the IC card 1. In the IC card 1, a means 10 is 
provided to receive the operation command and the certification 
information, and means 11-13 are provided to inspect the certification 
information by using the second secret key. As long as the result of the 
inspection is normal, a processing is executed based on the operation 
command. Thus, since the certification information are transmitted and the 
first key itself is not transmitted between the IC card 1 and the terminal 
equipment 2, this key is not tapped and high-grade security can be secured 
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Electronic document signing and authentication method in internet, 
involves storing incomplete private keys for every user in database of 



service computer cluster 

Patent Assignee: NETCERTAI NTY INC (NETC-N) 
Inventor: ROSENBERG G 

Number of Countries: 094 Number of Patents: 002 
Patent Family: 

Patent No Kind Date Applicat No Kind Date Week 
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Priority Applications (No Type Date) : US 2000559414 A 20000426 
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Patent No Kind Lan Pg Main IPC Filing Notes 

WO 200182036 A2 E 50 G06F-001/00 

Designated States (National) : AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA 
CH CN CO CR CU CZ DE DK DM DZ EE ES FI GB GD GE GH GM HR HU ID IL IN IS 
JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ PL 
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Designated States (Regional) : AT BE CH CY DE DK EA ES FI FR GB GH GM GR 
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AU 200153809 A G06F-001/00 Based on patent WO 200182036 

Abstract (Basic) : WO 200182036 A2 

NOVELTY - A signing request transmitted from a remote user computer 
(104) is received at a document service computer cluster (102) . The 
computer cluster retrieves an incomplete private key portion 
unique to the user from a private key database and generates a 
complete private key for signing the document. 

DETAILED DESCRIPTION - An INDEPENDENT CLAIM is also included for 
electronic document signing and authenticating system. 

USE - For signing, storing and authenticating electronic documents 
such as assets rollover document, contract documents signed using 
public key cryptography for commerce, over internet. 

ADVANTAGE - The user computer need not run dedicated software to 
enable a user to access and sign documents, as signature ready 
documents are signed at document service computer cluster using 
generated complete private key. Since only the incomplete keys are 
stored, security is high. 

DESCRIPTION OF DRAWING (S) - The figure shows the electronic 
document . signing and authenticating system. 

Document service computer cluster (102) 

Remote user computer (104) 

pp; 50 DwgNo l/ll 
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Method of establishing secure communications link by encrypting user 
authorization information using shared electronic key 
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Abstract (Basic) : EP 1079565 A2 

NOVELTY - Method consists in transmitting a first public key- 
corresponding to the first private key from the first to the second 
station, receiving it, along with user authorization information from 
the user of the second station, determining a shared electronic key 
from the first public and second private keys , or from the second 
public key corresponding to the first and second private keys , 
encrypting the user authorization information using the shared key, and 
transmitting the encrypted information and second public key from 
the second station to the first. These are received, the key is found 
from the second public and first private keys, user authorization 
information is decrypted and registered against stored data. If the 
user of the second station is authorized a secure communication session 
is initiated between the two stations. 

USE - Method relates to cryptographic systems providing secure 
communications using an insecure network. 

ADVANTAGE - Method uses authorization or biometric information to 
establish a secure communications link. 

DESCRIPTION OF DRAWING (S) - The figure shows a flow chart of the 
method.. 
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Abstract (Basic) : EP 1096721 Al 

NOVELTY - The public and private confidential key renewal technique 
has the subscriber setting provisional and private confidential keys 
and forming a provisional certificate. The provisional certificate is 
transmitted to the certification authority demanding key renewal. The 
certification authority then transmits the new defined public and 



private confidential keys and the new certificate. 

DETAILED DESCRIPTION - The certification authority subscriber 
confidential key renewal technique has the subscriber selecting 
provisional and private keys , and then sending a certificate to 
the authority. The authority replies with a new set of defined public 
and private keys and a new certificate. 

USE - Information exchange using a certification authority with 
public and private keys. 

ADVANTAGE - The secret of the confidentiality key is maintained 
during transfer from the certification authority even for the case 
where the old key has been compromised. 
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Abstract (Basic) : EP 940675 Al 

NOVELTY - The method involves generating an authentication and 
electronic signature signal using a private key. This step involves 
generating a chaotic signal based on an initial random signal. A 
comparison signal is generated using a second private key equal 
to the first private . key , also by generating a chaotic signal. 
The comparison and signature signals are compared. 

DETAILED DESCRIPTION - INDEPENDENT CLAIMS are also included for an 
integrated circuit for generating an authentication and electronic 
signature signal, and an authentication and electronic signature system 
for using the method. 

USE - User authentication. 

ADVANTAGE - By using a chaotic generator the probability of the 
code being broken is reduced, e.g. improves security 

DESCRIPTION OF DRAWING (S) - The figure shows an authentication 
system. 

User smart card (1) 

terminal (2) 

Conventional PIN identification and checking (10,12-16) 
Generation of pair of random numbers (17,18) 



Both sides use chaotic generators to produce result (26,32) 

Check both sides have same result (36) 
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Abstract (Basic) : EP 864959 A 

The method involves transferring user data presented by a user and 
data content names to a key centre and to receive first and second 
secret-keys. The user data is entered as electronic watermark in a data 
content and is edited it in form of an edited data content. The edited 
data content is encrypted using the first secret -key to produce 
encrypted edited data content. The encrypted edited data content and 
the first and second secret- keys are transferred to users. A scenario 
of the editing process is stored. The first and second secret - keys 

are generate, to store data content names, user data, first and 
second secret keys and scenarios of users. The first and second 

secret - keys are transferred to users and to the data centre 
together with user data and data content names and to confirm by a 
scenario transferred by a user whether the user is an authorised user. 

ADVANTAGE - Prevents piracy or leakage of data content using 
cryptography technique. 
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Abstract (Basic) : US 5796833 A 

The method involves sending the public key from the user to the 
certificate authority. Random factors are generated (31) at the 
certificate authority with the CA processor. Another public key is 
generated from the first public key and random numbers. It is 
difficult to compute the random numbers when the public keys are 
known . 

The second public key is certified by generating a certificate 
of sterilization of the second public key . The certificate of the 
second public key , a random key and additional random keys 
generated for calculating the second public key is sent from the 
certificate authority to the user. The user verifies the certification 
of the second public key by using a processor (21) .A second 
private key using the user processor is calculated from the random 
factors , first private key or from second public key and some 
user's private information. 

ADVANTAGE- It is practical and efficient as the public keys do 
not add on as a burden to an encryption algorithm. 
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Abstract (Basic) : WO 9718655 A 

The method of replacing a root key involves electronically sending 
out a message which indicates that the root key is being replaced. The 
message also contains a replacement key and a digital signature is 
generated by using the root key. 

the replacement key is the public key of a second public key 
-private key pair which replaces the first such pair. A value V is 
published in an out -of -band channel and is related to the emergency 
message . 

USE/ ADVANTAGE - E.g. for authenticating and signing electronic 
documents. Central authority can use other entities to distribute 
emergency message rather than individually distribute message to all 
end users. Provision of out-of-band message along with emergency 
reassures users of security. 
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Abstract (Basic) : WO 9708870 A 

The method computes at least one number, by applying a one-way 
function to the second secret key and a first serial number, using a 
third computing device. The number is then fed to the first computing 
device which then computes information that is synchronised with a 
second serial number of the tamper-resistant computing device. 

The information is fed to a second computing device which produces 
an output that is based on the first secret key, the information, and 
an application of the one-way function to at least the second secret 
key and the second serial number. The second computing device the 
updates the second serial number by applying an update function. 

USE/ADVANTAGE - E.g. for . electronic transfer of information against 
criminals who are able to gain full control of computing devices of 
other parties. Allows efficient public key cryptographic system 
without using special purpose cryptoprocessors . Increases security and 
enables currency conversion in privacy protected public key 
cryptographic systems. 
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Abstract (Basic) : DE 19629192 A 

The communications system includes a transmitting computer which 
has a first associated public (network) key and a first private 

key . The receiver computer includes a second public key and a 
second private key . The system calculates a first Hash code for 
the electronic data interchange (EDI) from the transmitting computer. 

The system then incorporates the first Hash code at a given point 
on the associated EDI -confirmation message. A second Hash code is 
computed and encrypted with the private key. Then the EDI -data is 
transmitted with the digital signal of the associated EDI -confirmation 
report. The receiving computer receives and processes the EDI-data to 
generate an authenticity and non-refusal or rejection of the EDI-data. 

USE/ADVANTAGE - E.g for INTERNET (RTM) . Enables secure electronic 
data exchange over open system- network. 
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Abstract (Basic) : WO 9612362 A 

The cryptographic method where a first party issues a certificate, 



called a secret key certificate, to a second party involves a first 
secret key being generated for use by the first party. The secret 

key is unknown to the second party. A first public key is also 
generated . A second secret key is generated by the second 
party as well as a second public key . The first party issues a 
secret key certificate to the second party according to a set protocol. 
The certificate is generated corresp. to the second public key 
according to a publicly verifiable relation. 

The secret key certificate is a digital signature of the first 
party on the second secret key. The second party is able to feasibly 
generate without assistance of the first public key and 
corresponding secret key certificates. 

USE /ADVANTAGE - Allows anyone to generate public key and 
corresp. certificate, but prevents formation of triple without 
certification authority evolvement . Prevents public key directories 
revealing genuiness of privacy related information. 
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Abstract (Basic) : US 5159632 A 

The key generator for a secure key comprises a first private 
key source for providing a first private key ; a second 
private key source for providing a second private key ; and a 
public key ' source for providing at least first and second public 
keys . The first public key is generated by performing an elliptic 
curve. The second public key is generated by performing an elliptic 



multiplication of the second private key and the point. The point is on 
an elliptic curve over a finite field FpK, where p is one of a class of 
numbers such that mod p arithmetic is performed in a processor using 
only shift and add operations. 

A first elliptic multiplyer is coupled to the first private key 
source and the public key source, generating an enciphering key 
by performing an elliptic multiplication of the first private key 
and the second public key. A second elliptic multipyer is coupled to 
the second private key source and the public key source for 
generating a deciphering key by performing an elliptic multiplication 
of the second private key and the first public key . 

ADVANTAGE - Provides faster calculations. 



15/5/1 (Item 1 from file: 347) 

DIALOG(R) File 347:JAPIO 

(c) 2005 JPO & JAPIO. All rts. reserv. 

08190505 **Image available** 
DATA COPYRIGHT MANAGEMENT DEVICE 



PUB . NO. : 
PUBLISHED: 
INVENTOR (s) : 

APPLICANT (s) 
APPL . NO. : 

FILED: 
PRIORITY: 



INTL CLASS: 



2004-303265 [JP 2004303265 A] 

October 28, 2004 (20041028) 

SAITO MAKOTO 

MOMIKI JUNICHI 

MITSUBISHI CORP 

2004-149423 [JP 2004149423] 

Division of 07-280984 [JP 95280984] 

May 19, 2004 (20040519) 

06-264200 [JP 94264200], JP (Japan), 

(19941027) 

06-299835 [JP 94299835] , JP (Japan) , 
(19941202) 

G06F-012/14; G06F-012/00; H04L-009/10 



October 27, 1994 



December 02, 1994 



ABSTRACT 

PROBLEM' TO BE SOLVED: To provide a terminal unit for handling data 
copyright, digital cache and television conference system data. 
SOLUTION: This data copyright management device is provided with a CPU, an 
ROM, an EE PROM and an RAM. The ROM, EE PROM and RAM are connected to a bus 
of the CPU, and a system bus of devices for using data is connectable to 
the bus of the CPU. A data copyright management system program, 
cryptographic algorithm and user information are stored in the ROM, and a 
second exclusive key, a use authorization key, a second private key and 
copyright information are stored in the EE PROM . When the device is 
operated, a first public key, a first exclusive key, a second public 
key and a first private key are transferred to the RAM. As the 
form of the data copyright management device, a monolithic or hybrid IC, 
a thin-type IC card or PC card with an exclusive terminal, and an insertion 
board are applicable and can also be built in a computer device, a 
television image receiver, a set- top box, digital video tape recorder, 
digital video disk recorder, a digital audio tape device or a portable 
terminal unit. 
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ABSTRACT 



PROBLEM TO BE SOLVED: To manage data with high- security enciphering. 

SOLUTION: Pairs of the first, second and third public keys and secret 
keys are generated and these second and third public keys and 
secret keys are enciphered by the first secret key . The enciphered 



second and third public keys are held on the side of an 
authentication part and these secret keys are, respectively, passed to a 
client and a server. Then, data are enciphered by using the second public 
key on the client side (S302) . These enciphered data are transmitted to the 
server (S304) , and on the server side the enciphered data are enciphered 
again by using the third public key and preserved (S3 08) . 
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NOVELTY - An initialization information for information handling 
system is received and information is accepted based on validity of 
first digital signature. A message with a public verification key is 
received and the key is accepted based on validity of second digital 
signature. An additional initialization information is received and the 
information is accepted based on validity of third digital signature. 

DETAILED DESCRIPTION - A first message containing an initialization 
information and a first digital signature generated on first message 
using a private signature key, are received. The initialization 
information is accepted only if first digital signature is verified as 
a valid signature using first public verification key. A second message 
containing second public verification key and a second digital 
signature generated on second message using first private key , 
are received. The second public verification key is accepted only 
if second digital signature is verified as valid signature using first 
public verification key. A third message containing additional 
initialization information and third digital signature generated on 
third message using second private signature key, are received. The 
additional information is accepted only if third digital signature is 
verified as valid signature, using second public verification key. 
INDEPENDENT CLAIMS are also included for the following: 

(a) program storage device; 

(b) apparatus for initializing information handling system 

USE - For initializing configuration of cryptographic co-processor 
of general purpose computer. 

ADVANTAGE - Control information is in the clear and can be read and 
inspected. Use of crypto configuration control (CCC) provides either 
static or dynamic configuration control or both without requiring any 
changes to chip. Permits cryptographic processor to be initialized by 
the customer from the convenience of his own work station in his own 
office. Provides public access to all initialization information, thus 
making every step of initialization process publicity auditable. 

pp; 37 DwgNo 0/38 
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Abstract (Basic) : WO 200005836 Al 

NOVELTY - The method provides every member (Useri) who uses the 
services of a Certify Authority (CA) with a public key (Pui) and a. 
private key (si) . The process is effected over a finite group of points 
using the steps of permitting CA to select a generating group point 
(G) . A random CA private key (PS) is generated (PS=dasteriskG) before 
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calculates said member public key (Pui) and intermediate private 
key (pi) . A second member value (yi) is generated and also a second 

intermediate member public key (yiasteriskG) to generate a 
public key Pui=xiasteriskG+yiasteriskG. A member's temporary value 
(H(IDi,PUi)) is formed by operating a hash transformation (H) , allowing 
an intermediate private key (pi=H(IDi, PUi) asteriskd+yi) for member to 
generate private key (si) (si=pi+xi) . 

USE - Key agreement system for an encryption system. 
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...SPECIFICATION to a method of managing and delivering a plurality of keys 
in a domain. The method is generating a first public / private key 

pair (Pkdkd, Skdkd) , a second public / private key pair (Pkrpbsr, 
Skrpbsr) , and a third public /private key pair (Pkbsr, Skbsr) . 
Configures the Pkdkd key into an routers in the domain, and the key pair 
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...SPECIFICATION a first station and a second station of a communication 
network. The method comprises the steps of: 

generating a first private/public key pair at the first station; 
signing the first public key; 
transmitting the. . . 

. . .at the second station; 

verifying the signed first public key at the second station; 
generating a second private /public key pair at the second station; 

generating a shared key corresponding to the first private/public key 
pair and the second private /public key pair at the second station; 

receiving biometric information at the second station from a user of 
the. ... 

...the encrypted second public key at the first station; 

decrypting the encrypted second public key using the first private 
key at the first station; 

generating a shared key comprising corresponding to the first 
private /public key pair and the second private /public key pair 
at the first station; 

decrypting the encrypted biometric information using the shared key at 
the first ... 



. . .CLAIMS first public key and a second private key wherein the shared key 
is also capable of being determined from a second public key 
corresponding to the second private key and the first private key; 
e. . . 

. . .and a second station of a communication network as defined in claim 1, 

wherein the first public key is derived from the first private 

key and wherein the second public key is derived from the 
second private key. 
3. A method for securely establishing a secure communication link 
between a first station and a second station of a communication 
network as defined in claim 2, wherein the first private key 
is a, the first public key is derived using the equation ga) 
mod p, and the shared electronic key is z = za) ) = (gb) ) mod p. . . 
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..SPECIFICATION event of the list or guide, the digitally signed message 
comprises a message encrypted using a second public key and a digital 
signature created using a first private key . The method further 
comprises selecting an event from the list; receiving the digitally 
signed message corresponding to . . . 

..message corresponding to each event in the guide, each of the digital 
certificates being encrypted using a first guide private key , the 
separate messages being encrypted using a smart card public key and 
containing an associated signature created using a second guide 
private key ; selecting an event from the guide; receiving the digital 
certificate, message and associated digital signature corresponding to . . , 
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. . .CLAIMS article. 

7. A method as described in Claim 6 wherein a trusted third party 

provides a party producing said label with said first private 
key and with an encryption of said first public key by a second 
private key kept secret by said trusted third party, • said 
producing party including said encryption of said first public key 
with said label and said trusted third party. . . 

. . . article . 

9. A method as described in Claim 8 wherein a trusted third party 

provides a party producing said label with said first private 
key and with an encryption of said first public key by. a second 
private key kept secret by said trusted third party, said 
producing party including said encryption of said first public key 
with said label and said trusted third party. . . 

. . .CLAIMS article. 

6 . A method as described in Claim 5 wherein a trusted third party 

provides a party producing said label with said first private 
key and with an encryption of said first public key by a second 

private key kept secret by said trusted third party, said 
producing party including said encryption of said first public key 
with said label and said trusted third party. . . 
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..SPECIFICATION aspect of the present invention there is provided a secret 
communication method based on an n-adic public key cryptosystem using a 
first secret key formed by two prime numbers p and q, a second. . .an 
authenticity of an authentication message M from an encrypted 
authenticator based on an n-adic public key cryptosystem using a first 
secret key formed by two prime numbers p and q, a second secret key d, 
a first public key n = pq, a second public key e, and a number of 
partial blocks k which is an integer greater than or equal to. . . 

. .verifying an authenticity of an authentication message M from an 
encrypted authenticator based on an n-adic public key cryptosystem 
using a first secret key formed by two prime numbers p and q, a 
second secret key d, a first public key n = pq, a second public 
key e, and a number of partial blocks k which is an integer greater than 
or equal to. . . 



CLAIMS 1. A secret communication method based on an n-adic public key 

cryptosystem using a first secret key formed by two prime numbers p 
and q, a second. . .an authenticity of an authentication message M from 
an encrypted authenticator based on an n-adic public key 
cryptosystem using a first secret key formed by two prime numbers p 
and q, a second secret key d, a first public key n = pq, a second 

public key e, and a number of partial blocks k which is an 
integer greater than or equal to. . . 

...verifying an authenticity of an authentication message M from an 
encrypted authenticator based .on an n-adic public key 
cryptosystem using a first secret key formed by two prime 
numbers p and q, a second secret key d, a first public key n = 
pq, a second public key e, and a number of partial blocks k which 
is an integer greater than or equal to. . . 
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...SPECIFICATION divided into two by the entity A 200 (SI), and one of the 
partial private keys (a first partial private key) is maintained at the 
entity A 200 (S2) , while the other one of the. . . 

. . .generation unit 220, using the prime numbers p and q in the deposit key 
information, the partial private keys are changed without changing 
the public key (S18) , by generating a new first partial private 
key ksl' and a new second partial private key ks2 1 which satisfy 
the following congruence (8) . 

Next, a more specific example of a private key depositing. . .key and the 
second partial private key, a new first partial private key and a new 
second partial private key can be generated at the user ' s entity 
by using these prime numbers p and q, without changing the public key 
, so that it becomes possible to change and manage the keys easily and 
there is no need. . . 



.SPECIFICATION divided into two by the entity A 200 (SI), and one of the 
partial private keys (a first partial private key) is maintained at the 
entity A 200 (S2) , while the other one of the ... generation unit 220, 
using the prime numbers p and q in the deposit key information, the 
partial private keys are changed without changing the public key 

(S18) , by generating a new first partial private key ksl 1 and a 
new second partial private key ks2 ■ which satisfy the following 
congruence (8) . 



Next, a more specific example of a private key depositing... 

. . .key and the second partial private key, a new first partial private key 
and a new second partial private key can be . generated at the 
user's entity by using these prime numbers p and q, without changing the 
public key , so that it becomes possible to change and manage the keys 
easily and there is no need. . . 

. ..CLAIMS at the user's entity. 

5. The method of claim 2, wherein the encryption key is the second 

partial private key itself, and the key decryption key is formed by 
the first partial private key. . . 

. . .a new second partial private key which are different from the first 
partial private key and the second partial private key , 
without changing a public key of the user, by using the private key 
obtained from the first partial private key and the second 
partial private key and the prime numbers p and q delivered from 
said another entity. 
29. A system for depositing... 

...CLAIMS at the user's entity. 

5. The method of claim 2, wherein the encryption key is the second 

partial private key itself, and the key decryption key is formed by 
the first partial private key. . . 

. . .a new second partial private key which are different from the first 
partial private key and the second partial private key , 
without changing a public key of the user, by using the private key 
obtained from the first partial private key and the second 
partial private key and the prime numbers p and q delivered from 
said another entity. 
29. A system for depositing... 
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According to another aspect of the present invention there is provided 
a method for generating and managing a secret key of a public key 
cryptosystem, comprising the steps of: (a) separately entering. 707) . 

When both of the verifications at the steps 701 and 702 are 
successful, a new partial secret key d( sub((0 slash) NEW) ) and a 
new public key exponent e( sub (NEW)) are generated by using the new 
partial secret keys d( sub(l NEW)) and d( sub(2 NEW)) (step 703). 

Then, the secret information Cardlnfo stored ... secret key of the public 
key cryptosystem to be used for deciphering the purchased digital data 
is generated and managed according to the procedure shown in the flow 
chart of Fig. 23 as follows. Note that this public key 
cryptosystem for deciphering is to be separately provided from the 
public key cryptosystem for signing described above. 

First , the secret key of the pubic key cryptosystem for 
deciphering the purchased digital data is generated by the copyright 
owner of this digital data (step 821) , and the generated secret key is 
strictly. . . 
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. . .ABSTRACT A2 

A data processing system, program and method are disclosed for managing 
a public key cryptographic system which includes a public key, private 
key pair generator. The method includes the step. . . 

...the first public key, private key pair. 

The method then continues with the step of generating a second public 
key, private key pair using a second seed value unknown to the user, 
the second seed value being a true random number. The second random 
number is generated using the second seed value in a pseudorandom number 
generator and applied to generating the second key pair. The method 
generates a second control vector defining a second use of the second 
t public key, private key pair. 

The method then controls the use of the first public key, private 
key pair using the first control vector and controls the use of the 
second public key, private key pair with the second control vector, 
(see image in original document) 

. . . CLAIMS A3 

1. In a data processing system, a method for managing a public key 
cryptographic system which includes a public key, private key pair 
generator, comprising the steps of: 

generating. .. first public key and of said first private key, 
respectively; 

said second generating means generating a second public key, 
private key pair using said second random number and generating a 
second public key control vector and a second private key control 
vector for defining a second. . . 

...said second public key and of said second private key, respectively; 

controlling means coupled to said first generating means, for 
controlling the use of said first public key and said first 
private key using said first public key control vector and 
said first private key control vector, respectively; 

said controlling means coupled to said second generating means, 
for controlling the use of said second public key and said second 
private key using said second public key control vector and said 
second private key. . . 
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. . .ABSTRACT A2 

A data processing system, method and program are disclosed, for 
managing a public key cryptographic system. The method includes the 
steps of generating a first public key and a first... 
...second public key algorithm. The method then continues by assigning a 
private control vector for the first private key and the second 
private key in the data processing system, for defining permitted uses 
for the first and second private keys . Then the method continues 
by forming a private key record which includes the first private key 

and the second private key in the data processing system, and 
encrypting the private key record under a first master key expression. . . 

. . . CLAIMS A3 

1. In a data processing system, a method for managing a public key 
cryptographic system, comprising the steps of: 

generating a first public key and a first private key... second 
private key in said data processing system, for defining permitted 
uses for said first and second private keys ; 

key record forming means coupled to said first and second 
generating means, for forming a private key record which includes 
said first private key and said second private key in said 
data processing system, encrypting means coupled to said key record 
forming means and said assigning means, for encrypting said private 
key record under a first master key expression ... said decryption 
means, for computing a second private key authentication record in 
said data processing system, by computing a second hash value using 
said hashing function on said decrypted private key record and 
comparing said second a private key authentication record with 
said first private key authentication record; 



terminating means coupled to said computing means, for aborting 
further processing of said first key use request in said data 
processing system, if . . . 
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Claim 

. . . encryption and decryption functions as part of the evaluation of any 
license, the black box having a first unique public / private key pair 
(PU-BB 1, PR-BB 1) that is employed I 0 as ... installs the received black 
box on the computing device, the received black box having I 0 a second 
unique public / private key pair (PU-BB2, PR-BB2) different from the 
first unique public / private key pair (PU-BB 1, PR-BB 1) . 
32 The computing device of claim 28 wherein the license evaluator 
receives an enabling, valid license from the license server. . .decryption 
functions as part of the evaluation of any license with a black box 
having 
Z:) 

a first unique public / private key pair (PU-BB 1, PR-BB 1) that is 
employed as part of . . . 

. . .a black box serven 

receiving the requested black box; and 

installing the received black box on the computing device, the received 
black box having a second unique public / private key pair (PU-BB2. 
PR-BB2 ) different 



from the first unique public / private key pair (PU-BB 1. PR-BB I 
5 I The method of claim 4 7 wherein determinincy whether. . . 
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Claims 
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Detailed Description 

and decrypting data is provided. The data have a plurality of blocks. 
The first user has a first secret key, and a first public key generated 
from the first secret key. The second user has ... have a plurality of 
blocks. The first user has a first secret key and a first public key ; 
the first public key is generated from the first secret key . The 
second user 5 has a second secret key and a second public key ; the 
second public key is generated from the second secret key. The system 
includes a first processor whichis located at the first user and a second 
processor which is located at the second user. 

The first processor generates a global key from the s econd public 
key and the first secret key . The first processor scrambles and 
partitions a block of data to generate a block 0 of scrambled data 
having a first portion and a second portion. The first processor. . . 

Claim 

... of blocks, with each block having a multiplicity of sub-blocks, with 
the first user having a first secret key and a first public key 
generated from the first secret key, and with the second ... encrypting and 
decrypting data having a plurality of blocks, with a first user having a 
first secret key and a first public key generated from the first 
secret key , and with a second user having a second secret key and a 
second public key generated from the 
second secret key, comprising: 



first means, located at the first user, for generating a global key 
from the second public key and the first secret key , said first 
means for scrambling and partitioning a block of the data, thereby 
generating a block of scrambled data having a first portion and a second 
portion, said first means for. . . 
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. . . with this invention there is provided; a method of signing and 

authenticating a message m in a public key data communication system, 
comprising the steps of . 

in a secure computer system. 

(a) generating a first . . . 
...in a field, the processing means comprising. 

within the secure boundary; 
4 

means for generating a first short term private key ; 

means for generating a second short term private key; 

means for generating a first signature component using at least the 

second short 

term session key; and 

generating a masked signature component using the first and second 
short term session keys to produce masked signature ... kP is converted to 



an integer x, and a first signature component r = x, (mod n) is 
calculated . A second statistically unique and unpredictable integer the 
second short - term private key is selected such that 2 :5 t :5 
(n-2) . Second and third signature components s = t. . . 

Claim 

1 A method of signing and authenticating a message m in a public key 
data 

communication system, comprising the steps of : 
in a secure computer system; 
(a) generating a f irst ... first signature 
component r ; 

computing a third signature component c using said first and second short 
term 

private keys t and k respectively; 

(g) sending said signature components (r, s, c) as a masked digital 
signature . . . 

...predetermined order in a field, said processing means comprising: 
within said secure boundary; 

means for generating a first short term private key ; 
means for generating a second short term private key ; 

means for generating a first signature component using at least said 

second short 

term session key; and 

generating a masked signature component using said first and second 
short term session keys to produce masked signature... 
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Claims 
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Claim 

. . . private key for the next time interval . 

8 A method for certifying data, comprising the steps of: 
generating a first key pair at a first time 



interval, the first key pair including a first public ... first time 

interval, the first key pair including a first public key and 

24 

a first private key , 

generate a second key pair at a second time 

interval, the second key pair including a second public key 

and a second private key , 

sign the second public key using the first 

private key , 
delete the first private key , 
process an certification request during the 

second time interval using the second private key , and 
delete the second private key . 

18 The system according to claim 16, wherein the general 
purpose computer has a client-server architecture... 
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Claims 
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Claim 

. . . method for encrypting a plaintext message comprising the 
steps of : 

selecting two random numbers r and s; 

generating an initial clue clueo using said random number r, a public 
key from a first public key ... readable program code configured to cause a 
computer at said 

receiver to perform the following steps of : 

determining said initial clue clueo from said random number r, a 
private key of said first public key/ private key pair, and a public 
key of said 

second public key/ private key pair; 

determinina - which elliptic curve holds the point mi; 

0 

computing elliptic add (clue mi, g) to determine Xtexti; and 
computing subsequent clue cluei+1 usinor current clue... 



19/3, K/17 (Item 6 from file: 

DIALOG (R) File 34 9:PCT FULLTEXT 
(c) 2005 WIPO/Univentio. All rts. 



349) 

reserv. 



00465715 **Image available** 

GLOBAL CONDITIONAL ACCESS SYSTEM FOR BROADCAST SERVICES 
ACCES CONDITIONNEL GLOBAL A DES SERVICES DE TELEDIFFUSION 

Patent Applicant /Assignee : 

THOMSON CONSUMER ELECTRONICS INC, 

ESKICIOGLU Ahmet Mursit, 
Inventor (s) : 

ESKICIOGLU Ahmet Mursit, 
Patent and Priority Information (Country, Number, Date) : 

Patent: WO 9856180 Al 19981210 

Application: WO 98US11634 19980605 (PCT/WO US9811634) 

Priority Application: US 9748852 19970606 
Designated States.: 

(Protection type is "patent" unless otherwise stated - for applications 
prior to 2004) 

AL AM AT AU AZ BA BB BG BR BY CA CH CN CU CZ DE DK EE ES FI GB GE GH GM 
GW HU ID IL IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MD MG MK MN MW MX 
NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT UA UG US UZ VN YU ZW GH 
GM KE LS MW SD SZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES 
FI FR GB GR IE IT LU MC NL PT SE BF BJ CF CG CI CM GA GN ML MR NE SN TD 
TG 

Publication Language: English 
Fulltext Word Count: 4389 

Patent and Priority Information (Country, Number, Date) : 

Patent: . . . 19981210 

Fulltext Availability: 
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Detailed Description 

event of the list 

or guide, the digitally signed message comprises a message encrypted 
using a second public key and a digital signature created using a 
first 

private key . The method further comprises selecting an event from 
the list; receiving the digitally signed message corresponding to being 
encrypted using a first 

guide private key , the separate messages being encrypted using a 
smart card public key and containing an associated signature created 

using a second guide private key ; selecting an event from the 
guide ,* 

receiving the digital certificate, message and associated digital 
signature corresponding to... 
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... recovery information without revealing private information. 

2. The method of claim 1, further comprising the steps of: 

determining , by said first party, the key based on said second party's 
public 

key and said first. . .said first response, 

c, is said first hash of said first challenge, 

k, is a first randomly generated integer, 

y2 is said second party's public key , 

yr is the recovery agent 1 s public key , 

x, is the first party's private key , and 

p is a large public prime number, and 

providing said first challenge, said first hash, and... said second 
response, 

c2 is said second hash of said second challenge, 

k2 is a second randomly generated integer, 

Y2 is said second party's public key , 

y, is the recovery agent's public key , 

x, is the first party's private key , and 

p is a large public prime number, and 

providing said challenge, said hash, and said second. . . 
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Claim 

. . . key is being replaced, said 

message also containing a replacement key and a digital 

signature which was generated by using the root key, said 

replacement key being the public key of a second public 

10... public key of a second public key-private key 

pair which is replacing the first public key- private key 

pair; 

SUBSTITUTE SHEET (RULE 26) 

- 19 using the public key of the first public key 

private key pair to verify the digital signature of the 
emergency message; 

obtaining through an out-of-band channel... 

. . . the emergency 
message ; 

applying the algorithm to said at least some part 
of the emergency message to generate a value B; 
comparing B to V; and 

if B equals V, replacing the public key of the 

first public key - private key pair with the replacement 
key, 

11 An apparatus for recovering from a compromise 
15 of a root ... 
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Claim 

1 A method for a user-controlled first computing device to reduce the 



computational burden of a tamper-resistant second computing device, 
the second computing device ... key ; 

computing by the first computing device, at least one output 

based on at least the second secret key and a third secret key, 

the first secret key being a function of the second and third 

secret keys ; and 
erasing by the first computing device, the second secret key . 

23 A method for implementing a privacy-protected off-line electronic 
cheque system, in which an . . .the public key, the public key and the 
digital certificate being hidden from the issuing party, the first 

secret key comprising information certified by the issuing party, 
and the information certified by the issuing party comprising a 

second secret key of the first computing device; 
receiving by the first computing device, a message speci4ring at 
least an amount of electronic cash. . . 
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Claim 

1 A key generator for generating a secure key comprising: 
a first private key source for providing a first private key, 
second private . . . 

. . .for providing a second private key; 

public key source for providing at least first and second public keys 

said first public key generated by performing an elliptic 
multiplication of said first private key and a point on an elliptic 
curve, and said second public key generated by performing an elliptic 
multiplication of said second private key and said point, said point on • 
an. . . 

. . .performed in a 

processor using only shift and add operations; 

first elliptic multiplying means coupled to said first private key 
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... 310 Mbps - 3DES , HMAC-SHA-1) performance, and in excess of 250 

Dif f ie-Hellman key exchanges per second (1024-bit public key , 180-bit 
private key) . Extensive hardware support for processing intensive public 
key operations minimizes the user software... 

...TLS key negotiations. A true hardware random number generator on the 
BCM5805 is well suited for IV seeding and secret key generation. 

The BCM5805's PCI interface makes it an optimal solution for add-in 
card applications. Utilizing... 
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... consolidated reporting found in RADIUS . 

For a discussion of Kerberos as a method of assisting users in 
establishing encrypted communication sessions, see 
t echweb . cmp . com/nc /801/801fl. html . 

Decoding Encryption Encryption algorithms are divided into two basic 
schemes: private key and public key . Private. key, or symmetric 
(sometimes called shared- secret) , algorithms use the same key to encode and 
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management such as meeting in the network and talking in the network etc. 
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ABSTRACT: The use of cryptography allows proprietary data to be encoded 
and prevents data misuse. A cryptographic system guards against threats to 
security by providing secrecy, integrity, and a signature to establish 
sender identity and confirm that an individual sent a message. There are 2 
distinct groups of cryptographic schemes: secret-key and public-key 
methods. The secret-key algorithm is fully reversible and symmetric, which 
means that decrypting the cipher text yields the original plain text. 
Public-key systems are asymmetric, that is, the encryption and decryption 
algorithms are different, so passing the cipher text through the encryption 
stage does not produce the original message. Secret - key systems 
have enjoyed greater use than public - 'key systems, despite the 
significant advantages available with public - key cryptography. Public 
- key systems need considerably more computational resources to match the 
encryption and decryption speeds of secret-key systems and therefore cost a 
lot more . 
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In this paper the concept of certif icateless public key cryptography 
(CL-PKC) is introduced. This CL-PKC does not need the use of digital 
certificates as in the traditional public key infrastructure (PKI) . Hence, 
this model for the use of public key cryptography can be considered to be 
between traditional PKI and identity-based public dey cryptography (ID-PKC) 
[A. Shamir, in Advances in cryptology (Santa Barbara, Calif., 1984), 
47- -53, Lecture Notes in Comput. Sci., 196, Springer, Berlin, 1985; \refcno 
820012\endref cno] . 

The CL-PKC makes use of a trusted third part, which is called the key 
generating center (KGC) . Given a user $A$ with an identifier $ID\sb A$, the 
KGC computes, from $ID\sb A$ and a master-key, a partial private key $D\sb 
A$ which is provided securely to $A$ . Then, the entity $A$ combines its 
partial private key $D\sb A$ with some secret information to generate its 
actual private key $S\sb A$ . In this way, $S\sb A$ is not accessible to 
KGC. Later, $A$ uses its secret information with the KGC 1 s public 
parameters to generate its public key $P\sb A$ . 

An adversary could replace $A$ ■ s public key by a false key, but this 
adversary does not gain anything since $A$ ■ s correct private key requires 
for its generation the partial private key which is provided by 
KGC. 

The certif icateless public key encryption (CL-PKE) scheme is 
specified by seven randomized algorithms: (1) The setup algorithm takes a 
secure parameter to return the system parameters, which will be publicly 
known, and the master-key. (2) The partial-private-key-extract algorithm 
takes as input the system parameters, the master-key, and $ID\sb A$ , to 
return $D\sb A$ . These two algorithms are run by the KGC, whereas the next 
three algorithms are run by the entity $A$ . (3) The set-secret-value 
algorithm considers as input the system parameters and $ID\sb A$ to output 
$A$ • s secret value $x\sb A$ . (4) The set-private-key algorithm takes the 
system parameters, $D\sb A$, and $x\sb A$, and returns the private key 
$S\sb A$. (5) The set-public-key algorithm considers the system parameters 
and $x\sb A$ as input and returns $A$ ' s public key $P\sb A$ . The next two 
algorithms permit encryption and decryption of messages. (6) The encrypt 
algorithm takes . as input the system parameters, a message, the public key 
$P\sb A$, and the identifier $ID\sb A$ of $A$ , and returns either a 
ciphertext or a null symbol if the encryption procedure fails. Finally, (7) 
the decryption algorithm returns the original message or a null symbol if 
the decryption procedure fails, from an input of the ciphertext, the system 
parameters, and the private key $S\sb A$ . 

After introducing CL-PKE, the authors define and discuss the possible 
actions that an adversary can carry out against the CL-PKE. 



Then, they describe a pair of CL-PKE schemes based on bilinear maps, 
which are analogous to those presented in [D. Boneh and M. Franklin, in i 

Advances in cryptology CRYPTO 2001 (Santa Barbara, CA) , 213--229, Lecture 

Notes in Comput . Sci., 2139, Springer, Berlin, 2001; \refmr MR1931424 
(2003h: 94054) \endrefmr] . Moreover, the authors prove that these CL-PKE 
schemes are secure assuming that the generalized bilinear Dif f ie-Hellman 
problem (GBDHP) is hard, where GBDHP is defined in the .following way. Let 
$G\sb 1$ be an additive group of prime order $q$, $P$ a generator of $G\sb 
1$, $G\sb 2$ a multiplicative group of the same order, and a map $e\colon 
G\sb 1 \times G\sb l\rightarrow G\sb 2$, such that: (1) $e$ is bilinear, 
i.e., given $Q,W,Z\in G\sb 1$, then $e(Q,W+Z) =e(Q,W)\cdot e(Q,Z)$ and 
$e (Q+W, Z) =e (Q, Z) \cdot e(W,Z)$, (2) $e$ is nondegenerate , i.e., $e(P,P)\neq 
l\sb {G\sb 2}$, and (3) the map $e$ is efficiently computable. The GBDHP in 
$\langle G\sb l,G\sb 2,e\rangle$ is as follows: Given $\langle 
P, aP, bP, cP\rangle$ with uniformly random choices of $a,b,c\in Z\sb q\sp 
{\ast}$, output a pair $\langle Q\in G\sb l\sp {\ast} , e (P,Q) \sp {abc}\in 
G\sb 2\rangle$ . 

Finally, a certif icateless signature scheme is presented. 
\{For the entire collection see MR 2005d : 94150 . \ } 
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Summary (translated from the Spanish) : ""We present numerical message 
encryption systems, first secret - key systems and then public - key 
systems. For the former , the coding and decoding processes can be carried 
out easily when their respective keys are known. For the latter, the 
decoding of messages remains a difficult problem even when the keys are 
known. Some of latter methods are based on the difficulties connected with 
the factoring of large integers and with deciding whether a large integer 
is a prime. We present methods for treating these problems 1 



